Reentrancy is a smart contract vulnerability in which a contract makes an external call before it has updated its own state, so the called contract can re-enter the calling function and, for example, withdraw repeatedly against a balance that has not yet been zeroed, draining the contract's funds. The 2016 DAO hack exploited this to siphon off roughly 3.6 million ETH (about $60M at the time). The guide explains the attack mechanism with a vulnerable Solidity example, walks through
Table of contents
What Is Reentrancy?
A Vulnerable Smart Contract Example
Execution Flow
Why call() Can Cause Reentrancy
The DAO Hack: The Most Famous Reentrancy Attack
The Vulnerable DAO Function
Step-by-Step Attack
Step 1: Deposit into the DAO
Step 2: Request Withdrawal
Step 3: Fallback Function Executes
Step 4: Recursive Withdrawals
Result
How ReentrancyGuard Prevents This
How It Works
Using ReentrancyGuard
The Checks-Effects-Interactions Pattern
Other Reentrancy Variants
Cross-Function Reentrancy
Cross-Contract Reentrancy
Read-Only Reentrancy
Reentrancy Prevention Checklist
Final Thoughts